02-23-2005 01:32 PM
Hello,
I'm configuring two CSS11501 in High Availability. Both devices run the version 7.30.0.05 (Standard Feature Set) of the management software.
The general projects requirements for the CSSs are:
A) Balance the requests to the two Front-End machine
B) Maintain the session (HA) in the case that a CSS goes down during a work session (online stock trading).
Premising that the first tie is the High Availability, Id want to configure the couple of CSSs in ASR (Adaptive Session Redundancy).
So, it's the following configuration right?
For the MASTER...
!*************** GLOBAL *************
global-portmap base-port 30000 range 30000
ip route 0.0.0.0 0.0.0.0 10.24.36.35 1
!************* INTERFACE ****************
interface e7
isc-port-one
interface e8
bridge vlan 2
!**************** CIRCUIT ******************
circuit VLAN1
ip address 192.168.22.2 255.255.255.0
ip redundant-interface 10 192.168.22.1
circuit VLAN2
ip address 10.24.36.40 255.255.255.0
ip virtual-router 10 priority 110 preempt
ip redundant-vip 10 10.24.36.42
!************ SERVICE ******************
service aix_1
ip address 192.168.22.130
protocol tcp
port 80
keepalive type http
redundant-index 1
active
service aix_2
ip address 192.168.22.131
protocol tcp
port 80
keepalive type http
redundant-index 2
active
!*********** OWNER **********************
owner My_owner
content Web
vip address 10.24.36.42
protocol tcp
port 80
url "/*"
add service aix_1
add service aix_2
redundant-index 3
active
And, for the backup...
!**************** GLOBAL ***********************
global-portmap base-port 33100 range 30000
ip route 0.0.0.0 0.0.0.0 10.24.36.35 1
!*************** INTERFACE ********************
interface e7
isc-port-one
interface e8
bridge vlan 2
!*************** CIRCUIT **************
circuit VLAN1
ip address 192.168.22.3 255.255.255.0
ip redundant-interface 10 192.168.22.1
circuit VLAN2
ip address 10.24.36.41 255.255.255.0
ip virtual-router 10 priority 90
ip redundant-vip 10 10.24.36.42
!***************** SERVICE ********************
service aix_1
ip address 192.168.22.130
protocol tcp
port 80
keepalive type http
redundant-index 1
active
service aix_2
ip address 192.168.22.131
protocol tcp
port 80
keepalive type http
redundant-index 2
active
!**************** OWNER ******************
owner My_owner
content Web
vip address 10.24.36.42
protocol tcp
port 80
url "/*"
add service aix_1
add service aix_2
redundant-index 3
active
--------------------------------------------------
Moreover, what can I do to obtain much HA?
Thanks
Regards
02-24-2005 01:35 AM
There is just a simple mistake.
You need a virtual router per circuit vlan.
You can reuse the same virtual router id, but it needs to be configured on vlan 1 as well as vlan 2.
Then, you may want to configure 'ip critical-service' to define when to failover - ie: when you lose the gateway.
Using the same critical service on both interface is what will tie the 2 virtual router together [in order to fail both interface at the same time].
Regards,
Gilles.
02-24-2005 06:03 AM
Dear Gilles,
thank you for your answer!
If I have well understood your suggestion I have to configure two vrrp processes: one on the front-end VLAN (where the VIP for the clients is located) and the other one on the back-end VLAN (where the server farm is located). Am I right?
Isn't sufficient to assign the same id to the two vrrp process to obtain the "fate sharing" for the two virtual gateways?
If not, which commands shall I add to the configuration I have sent to you ?
Second:
> Then, you may want to configure 'ip critical-
> service' to define when to failover
How can I associate a critical-service to an interface?
Moreover, on te front-end I can check the default gateway, but on the back-end what can I check?
Thank you very much!
regards,
Emiliano
02-24-2005 10:37 AM
Emiliano.
VRRP is the same as VRRP or HSRP on a router.
You need 1 process per vlan.
The id is only used to distinguish different instance of the protocol running on the same vlan.
It is not used to tie processes together.
You need to use the same critical service to do this.
The assign a critical service, the command is simply 'ip critical-service' under the vlan configuration.
Searching our website will give you information on how to do this exactly.
On the front-end you usually use the gateway, on the back-end, you can ping your own interface [to detect if the interface is alive], or you can check a few very critical servers, or a switch.
Regards,
Gilles.
03-03-2005 03:25 AM
Dear Gilles,
I have create a critical-service on each css in this way:
service upstream_downstream
ip address 10.24.36.254
keepalive type script ap-kal-pinglist "10.24.36.35 192.168.22.2"
keepalive frequency 2
keepalive maxfailure 2
keepalive retryperiod 2
redundant-index 7
active
where:
- 10.24.36.254 is a fictitious address (not esist)
- 10.24.36.35 is the defaul gateway for the css
- 192.168.22.2 is the address of the css interface on the back-end.
So, to use that critical-service...
circuit VLAN1 (back-end)
ip address 192.168.22.2 255.255.255.0
ip virtual-router 10 priority 110 preempt
ip redundant-interface 10 192.168.22.1
ip critical-service 10 upstream_downstream
circuit VLAN2 (front-end)
ip address 10.24.36.40 255.255.255.0
ip virtual-router 11 priority 110 preempt
ip redundant-vip 11 10.24.36.42
ip critical-service 11 upstream_downstream
Am I right?
Thank you very much!
Regards,
Emiliano
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide